devicetree.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Lucas Stach <l.stach@pengutronix.de>
To: Peng Fan <peng.fan@nxp.com>, Jacky Bai <ping.bai@nxp.com>,
	Shawn Guo <shawnguo@kernel.org>, Rob Herring <robh+dt@kernel.org>
Cc: dl-linux-imx <linux-imx@nxp.com>,
	Fabio Estevam <festevam@gmail.com>,
	Frieder Schrempf <frieder.schrempf@kontron.de>,
	Marek Vasut <marex@denx.de>,
	"linux-arm-kernel@lists.infradead.org" 
	<linux-arm-kernel@lists.infradead.org>,
	"devicetree@vger.kernel.org" <devicetree@vger.kernel.org>,
	"kernel@pengutronix.de" <kernel@pengutronix.de>,
	"patchwork-lst@pengutronix.de" <patchwork-lst@pengutronix.de>
Subject: Re: [PATCH 00/11] i.MX8MM power domain support
Date: Thu, 22 Oct 2020 10:24:23 +0200	[thread overview]
Message-ID: <4985eb0d018d488d93e427db27be9418057d9440.camel@pengutronix.de> (raw)
In-Reply-To: <DB6PR0402MB27604614CB067AB6594221ED88050@DB6PR0402MB2760.eurprd04.prod.outlook.com>

Hi Peng,

On Mi, 2020-10-14 at 01:23 +0000, Peng Fan wrote:
[...]
> > > > > 3. either 8MM, 8MN, or 8MP, the power domain design is different,
> > > > > I am not
> > > > sure if it is the good to add hundreds line of code in GPCv2 each
> > > > time
> > > > >   a new SOC is added.
> > > > 
> > > > I don't buy into this argument. We have lots of drivers in the Linux
> > > > kernel that require some changes for new SoC generations, that's
> > > > what Linux drivers are for. The complexity of the hardware doesn't
> > > > disappear just because you push some of the driver bits into TF-A,
> > > > you just handle the complexity at a different palce and IMHO that
> > > > the wrong place. The power domains have complex interactions with
> > > > other drivers in the Linux system, so debugging and deplyong fixes
> > > > is much easier when the power domain handling is fully done by a kernel
> > driver.
> > > Actually, due to the security requirement from other system solution
> > > provider, for example, Microsoft Azure Sphere, it has strict
> > > requirement for power domain to be controlled by secure subsystem(either
> > TF-A, TEE or dedicated secure domain controller).
> > > Same requirement for reset control, and system critical clock control.
> > 
> > Yes, I'm aware of those requirements, but to satisfy those you need a full
> > implementation of all those parts in the secure subsystem. Doing it just for the
> > power domains adds complexity for no gain, as you still won't be able to meet
> > all the requirements and frankly I don't think this is a realistic goal to achieve
> > with the current i.MX8M family of SoCs.
> 
> At least we are moving to that direction.

To me it seems like the current way (custom TF-A interface and
implementation) is one step in the right direction, but two steps
backwards in terms of complexity.

> > Meeting those requirements needs a fully system approach where the secure
> > subsystem parts are made sufficiently independent from the non- secure
> > parts on a hardware level, which I don't see on the i.MX8M SoC and hardware
> > design guide.
> 
> CSU could restrict the access permission.

While this is true, my argument is much broader and not only focused on
on-SoC peripherals. For example some of the power domains need
different voltages for specific performance states, which means you
need to communicate with a external PMIC or other voltage regulator,
which in turn means you need to set aside the necessary i2c bus and/or
GPIO banks required for this communication at system design time, so it
isn't shared between TF-A and the rich OS. I don't see this in any of
the i.MX8M designs.

> > > For NXP i.MX8M family, it is ok to implement in linux kernel, just a
> > > tradeoff to find out a place to hide the complexity ^_^.
> > > 
> > > BTW, for virtualization support, it is better to put the power domain
> > > in a central place to simplify the VM implementation.
> > 
> > Same as above. If you can make all the relevant bits (clock, reset,
> > power-domain, regulator) available via a virtualization friendly API, then I
> > would see a point in adding complexity for this abstraction. As long as this
> > added abstraction only solves a very tiny bit of the overall picture, I just don't
> > see the point in the added complexity and (from a Linux PoV) obfuscation.
> 
> Could we use SCMI for power domain, system critical clocks, smc watchdog
> and etc?

If you could demonstrate a working solution with all those pieces
hidden behind a standard SCMI interface, this would make for a much
more compelling story supporting the secure subsystem argument.

> Or we support two approaches, one is let Linux control everything, the other
> is using SCMI.
> 
> Thoughts?

I wouldn't be opposed to such a solution. If you can put all this
behind a standard SCMI interface, I guess we wouldn't need two
different SoC specific drivers for the same purpose, so we could easily
have a Linux full-control solution (i.e. this patchset) coexist with a
SCMI based implementation, possibly with just a slightly different base
SoC DT with all the power domains, clocks and other system level
control stuff behind SCMI.

What I'm strongly opposed to is having a custom TF-A interface and all
the added complexity for little to no gain in actual system security.

Regards,
Lucas


  reply	other threads:[~2020-10-22  8:24 UTC|newest]

Thread overview: 59+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-30 15:49 [PATCH 00/11] i.MX8MM power domain support Lucas Stach
2020-09-30 15:49 ` [PATCH 01/11] soc: imx: gpcv2: move to more ideomatic error handling in probe Lucas Stach
2020-09-30 16:04   ` Marek Vasut
2020-09-30 15:49 ` [PATCH 02/11] soc: imx: gpcv2: move domain mapping to domain driver probe Lucas Stach
2020-09-30 16:07   ` Marek Vasut
2020-09-30 15:49 ` [PATCH 03/11] soc: imx: gpcv2: split power up and power down sequence control Lucas Stach
2020-09-30 16:10   ` Marek Vasut
2020-09-30 15:49 ` [PATCH 04/11] soc: imx: gpcv2: wait for ADB400 handshake Lucas Stach
2020-09-30 16:11   ` Marek Vasut
2020-09-30 16:19     ` Lucas Stach
2020-09-30 16:23       ` Marek Vasut
2020-10-09  3:05         ` Jacky Bai
2020-10-09  7:27           ` Marek Vasut
2020-10-09  7:51             ` Jacky Bai
2020-10-09  8:19               ` Marek Vasut
2020-09-30 15:50 ` [PATCH 05/11] soc: imx: gpcv2: add runtime PM support for power-domains Lucas Stach
2020-09-30 16:14   ` Marek Vasut
2020-09-30 16:20     ` Lucas Stach
2020-09-30 15:50 ` [PATCH 06/11] soc: imx: gpcv2: allow domains without power-sequence control Lucas Stach
2020-10-09  7:54   ` Jacky Bai
2020-10-09  7:57     ` Jacky Bai
2020-09-30 15:50 ` [PATCH 07/11] soc: imx: gpcv2: add support for optional resets Lucas Stach
2020-09-30 16:15   ` Marek Vasut
2020-09-30 16:23     ` Lucas Stach
2020-09-30 16:30       ` Marek Vasut
2020-09-30 16:34         ` Lucas Stach
2020-09-30 16:38           ` Marek Vasut
2020-10-01  8:59   ` Krzysztof Kozlowski
2020-10-06 19:42   ` Rob Herring
2020-09-30 15:50 ` [PATCH 08/11] dt-bindings: add defines for i.MX8MM power domains Lucas Stach
2020-10-01  8:54   ` Krzysztof Kozlowski
2020-10-06 19:47   ` Rob Herring
2020-09-30 15:50 ` [PATCH 09/11] soc: imx: gpcv2: add support " Lucas Stach
2020-09-30 16:18   ` Marek Vasut
2020-09-30 15:50 ` [PATCH 10/11] arm64: dts: imx8mm: add GPC node and " Lucas Stach
2020-09-30 16:20   ` Marek Vasut
2020-10-01  8:51   ` Krzysztof Kozlowski
2020-10-23 13:22   ` Adam Ford
2020-10-23 14:39     ` Jacky Bai
2020-10-26 10:56   ` Abel Vesa
2020-10-26 11:01     ` Abel Vesa
2020-10-26 11:13       ` Adam Ford
2020-10-26 11:02     ` Lucas Stach
2020-09-30 15:50 ` [PATCH 11/11] arm64: dts: imx8mm: put USB controllers into power-domains Lucas Stach
2020-10-01  7:46 ` [PATCH 00/11] i.MX8MM power domain support Frieder Schrempf
2020-10-03 18:03 ` Adam Ford
     [not found] ` <CAHCN7xKjWEwQr9y0QLrR6KVT=ut=v=coqt4beAvrz1kQSGbX1g@mail.gmail.com>
2020-10-03 18:08   ` Marek Vasut
2020-10-03 18:11     ` Adam Ford
2020-10-08 20:47 ` Adam Ford
2020-10-09  3:00 ` Jacky Bai
2020-10-09 11:12   ` Lucas Stach
2020-10-09 12:57     ` Adam Ford
2020-10-10  2:16     ` Jacky Bai
2020-10-13 18:26       ` Lucas Stach
2020-10-14  1:23         ` Peng Fan
2020-10-22  8:24           ` Lucas Stach [this message]
2020-10-22 16:36             ` Fabio Estevam
2020-10-28 13:50             ` Peng Fan
2020-10-31 13:56               ` Adam Ford

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4985eb0d018d488d93e427db27be9418057d9440.camel@pengutronix.de \
    --to=l.stach@pengutronix.de \
    --cc=devicetree@vger.kernel.org \
    --cc=festevam@gmail.com \
    --cc=frieder.schrempf@kontron.de \
    --cc=kernel@pengutronix.de \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-imx@nxp.com \
    --cc=marex@denx.de \
    --cc=patchwork-lst@pengutronix.de \
    --cc=peng.fan@nxp.com \
    --cc=ping.bai@nxp.com \
    --cc=robh+dt@kernel.org \
    --cc=shawnguo@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).